I just played a little bit with tcpdump (as I wanted to check why my mails are not getting sent) and thereby discovered a lot of very strange traffic to the "Private IPs". Please see the examples below:

Secondly, I have a question: how can I check whether this traffic passes my network interfaces, so that it is also "sent" to the network of my provider? What I mean with this question is: is this only traffic internal to my server, or is this traffic also "leaving" my server? (It will most likely be discarded by the routers of my ISP, but I do not know how tcpdump works, i.e. whether the traffic shown is "internal" or "external" traffic.)

UPDATE: I had a look at the process table, killed some processes and found the program: it was a proxy server I installed... But the question still stays the same: given the example tcpdump above, how could I find the program that is causing this traffic without looking at the process list and killing programs? And furthermore, is this traffic "leaving" my server or is it only internal traffic?

2 Answers
2

You can look at internet sockets and connections and the programs that own them with either sudo lsof -i or sudo netstat -nap46. You can see if traffic is leaving the machine by passing -i $EXTERNAL_INTERFACE to tshark or tcpdump.
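
The two checks from the answer above, as an added example that is not part of the original answer: a filter over `netstat -nap46` output that keeps only sockets whose remote peer is an RFC 1918 address and prints the owning PID/program. The function name `private_peers`, the sample rows and the program name `proxyd` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: from `netstat -nap46` output on stdin, print each socket whose
# remote peer is an RFC 1918 address together with the owning PID/program.
private_peers() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      peer = $5
      sub(/^::ffff:/, "", peer)            # unwrap IPv4-mapped IPv6 peers
      if (peer ~ /^10\./ || peer ~ /^192\.168\./ ||
          peer ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) {
        owner = "-"                        # "-" means netstat ran without root
        # UDP rows have no State column, so search for the PID/Program field.
        for (i = 6; i <= NF; i++)
          if ($i ~ /^[0-9]+\//) { owner = $i; break }
        print peer, owner
      }
    }'
}

# Constructed sample of `netstat -nap46` output (not taken from the question).
SAMPLE='Proto Recv-Q Send-Q Local Address        Foreign Address      State       PID/Program name
tcp        0      0 203.0.113.10:22      198.51.100.7:51514   ESTABLISHED 912/sshd: admin
tcp        0      1 203.0.113.10:43210   10.1.2.3:80          SYN_SENT    4021/proxyd
tcp        0      1 203.0.113.10:43212   192.168.0.15:8080    SYN_SENT    4021/proxyd
tcp6       0      0 :::25                :::*                 LISTEN      733/master
udp        0      0 203.0.113.10:38211   172.20.5.9:53                    4021/proxyd'

printf '%s\n' "$SAMPLE" | private_peers

# On a live host:
#   sudo netstat -nap46 | private_peers
# To see whether such packets leave through the external interface:
#   sudo tcpdump -ni "$EXTERNAL_INTERFACE" \
#     'dst net 10.0.0.0/8 or dst net 172.16.0.0/12 or dst net 192.168.0.0/16'
```

Packets that appear in the tcpdump capture on the external interface were handed to that interface for transmission; an empty capture there while `-i lo` shows traffic means it stayed on the host.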